pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2007Q4] pkgsrc

Module Name:    pkgsrc
Committed By:   ghen
Date:           Tue Jan 29 13:54:21 UTC 2008

Modified Files:
        pkgsrc/devel/apr0 [pkgsrc-2007Q4]: distinfo
        pkgsrc/www/apache2 [pkgsrc-2007Q4]: Makefile.common distinfo

Log Message:
Pullup ticket 2278 - requested by taca
security update for apache2

- pkgsrc/devel/arp0/distinfo                            1.3
- pkgsrc/www/apache2/Makefile.common                    1.23, 1.24
- pkgsrc/www/apache2/distinfo                           1.52

   Module Name: pkgsrc
   Committed By:        taca
   Date:                Mon Jan 21 14:30:01 UTC 2008

   Modified Files:
           pkgsrc/www/apache2: Makefile.common

   Log Message:
   Start update of apr0 pacakge to 0.9.17 and apache2 package to 2.0.63.
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Mon Jan 21 14:33:46 UTC 2008

   Modified Files:
           pkgsrc/devel/apr0: distinfo

   Log Message:
   Update apr0 package to

   Changes with APR 0.9.17

     *) Fix DSO-related crash on z/OS caused by incorrect memory
        allocation.  [David Jones <oscaremma>]

     *) Define apr_ino_t in such a way that it doesn't change definition
        based on the library consumer's -D'efines to the filesystem.
        [Lucian Adrian Grijincu <lucian.grijincu>]

     *) Cause apr_file_dup2() on Win32 to update the MSVCRT psuedo-stdio
        handles for fd-based and FILE * based I/O.  [William Rowe]

     *) Revert Win32 to the 0.9.14 behavior of apr_proc_create() for any
        of the three stdio streams which are not initialized, through either
        apr_procattr_io_set() or apr_procattr_child_XXX_set(), when given a
        procattr_t with one or two streams which were initialized through
        apr_procattr_child_XXX_set().  Once again, these do not inherit the
        parent process stdio stream to WIN32 child processes (passing
        INVALID_HANDLE_VALUE instead) as on Unix.  Note APR 1.3.0 adopts
        the Unix behavior of inheriting any uninitialized streams as the
        parent's corresponding stdio stream, in such cases.  [William Rowe]
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Mon Jan 21 14:37:22 UTC 2008

   Modified Files:
           pkgsrc/www/apache2: Makefile distinfo

   Log Message:
   Update apache package to 2.0.63.

   Changes with Apache 2.0.63

     *) winnt_mpm: Resolve modperl issues by redirecting console mode stdout
        to /Device/Nul as the server is starting up, mirroring unix MPM's.
        PR: 43534  [Tom Donovan <Tom.Donovan>, William Rowe]

     *) winnt_mpm: Restore Win32DisableAcceptEx On directive and Win9x platform
        by recreating the bucket allocator each time the trans pool is cleared.
        PR: 11427 #16 (follow-on)  [Tom Donovan <Tom.Donovan>]

   Changes with Apache 2.0.62 (not released)

     *) SECURITY: CVE-2007-6388 (
        mod_status: Ensure refresh parameter is numeric to prevent
        a possible XSS attack caused by redirecting to other URLs.
        Reported by SecurityReason.  [Mark Cox, Joe Orton]

     *) SECURITY: CVE-2007-5000 (
        mod_imagemap: Fix a cross-site scripting issue.  Reported by JPCERT.
        [Joe Orton]

     *) Introduce the ProxyFtpDirCharset directive, allowing the administrator
        to identify a default, or specific servers or paths which list their
        contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem]

     *) log.c: Ensure Win32 resurrects its lost robust logger processes.
        [William Rowe]

     *) mpm_winnt: Eliminate wait_for_many_objects.  Allows the clean
        shutdown of the server when the MaxClients is higher then 257,
        in a more responsive manner [Mladen Turk, William Rowe]

     *) Add explicit charset to the output of various modules to work around
        possible cross-site scripting flaws affecting web browsers that do not
        derive the response character set as required by  RFC2616.  One of these
        reported by SecurityReason [Joe Orton]

     *) http_protocol: Escape request method in 405 error reporting.
        This has no security impact since the browser cannot be tricked
        into sending arbitrary method strings.  [Jeff Trawick]

     *) http_protocol: Escape request method in 413 error reporting.
        Determined to be not generally exploitable, but a flaw in any case.
        PR 44014 [Victor Stinner <victor.stinner>]
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Mon Jan 21 14:38:29 UTC 2008

   Modified Files:
           pkgsrc/www/apache2: Makefile.common

   Log Message:
   Add comment that this file is used by devel/apr0/Makefile detected
   by pkglint.

To generate a diff of this commit:
cvs rdiff -r1.2 -r1.2.4.1 pkgsrc/devel/apr0/distinfo
cvs rdiff -r1.22 -r1.22.4.1 pkgsrc/www/apache2/Makefile.common
cvs rdiff -r1.51 -r1.51.4.1 pkgsrc/www/apache2/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index